Benson Sy, Trend Micro
Cybercriminals are known to adapt to technological advancements and to use commercially or publicly available tools to further improve their means of stealing data and money from unsuspecting users. They make use of these tools because of their ease of use, low cost and, more importantly, the low probability of getting detected.
When AutoIt v3 was first released in 2004, it was intended to help system administrators automate repetitive system tasks on Windows. However, our researchers recently found this freeware being used to compile samples of persistent, notable malware families such as AUTORUN worms. This research paper discusses AutoIt malware code structures, which explain why cybercriminals prefer to create and compile threats the same way. It also discusses a way to heuristically detect obfuscated AutoIt malware. This would aid security researchers and developers in creating more powerful or low-risk heuristic detections.